Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[greasyfingers]

I'm a linux user, with no previous experience of networking before getting a DNS-320, and I'm getting confused with permissions.

I've figured out how to mount a remote NAS directory on a mountpoint on my local system, but I can't get control over what access permissions that mounted directory then has.

For example, I create a local mountpoint, owned by 'localuser', with group rights set to 'localuser', and with 0755 permissions - ie. rwxr-xr-x.

The remote directory is called 'nasdir'; it's user is set to 'nobody', its group is 'allaccount', and it's access rights are 0777 (ie. rwxrwxrwx - anybody has read, write and execute permission), which makes sense at this stage, though these can be changed.

I also set up a user account on the NAS called 'nasuser', which alone has read/write permission to nasdir, which is added to the shares list.

This is the mount command I use:

Code: [Select]

mount -t cifs -o username=nasuser,password=password,uid=localuser,gid=localuser,file_mode=0644,dir_mode=0755 //192.168.0.30/nasdir /local/mountpoint
But the mountpoint gains 0777 rights, as do all directories subsequently created under it, or copied to it. Any user can write to it, which is not what I want.

I can change this by giving nasdir 0755 permissions within the NAS - but these permissions are relative to user 'nobody' and group 'allaccount', and although this /appears/ to give the mounted directory the permissions I want, in fact no local user (including root) then has write permissions, regardless of who the owner is set to.

I can understand this, because local settings shouldn't be able to override a remote limit on access. But surely the local system should be in control of which local user has access to a mounted directory when that directory is set to 0777?

Apologies for the length of post. Now, somebody please tell me I'm missing something childishly simple and obvious.

[LoonQ]

Hi

This is how I did my mount in Linux Mint:

sudo apt-get install smbfs

Then I created a text file containing (the credentials from the DNS-320):

username=user
password=pass


which i named .kreditiv and put in my mounts folder, placed in the home folder.

Then I edited fstab see example below:

//192.168.0.99/Volume_1 /home/LoonQ/mounts/ cifs credentials=/home/LoonQ/mounts/.kreditiv,_netdev,iocharset=utf8 0 0

Then I just rebooted my system, after login the NAS gets mounted with the permissions
set in the DNS-320 admin interface.

[greasyfingers]

Thanks, LoonQ,

We are, essentially, mounting it in the same way - if I put my command into fstab it would look pretty much like yours, with a few extra options to try and force the permissions I want. I do actually use a credentials file, too, but wanted to be explicit about what I'm doing.

So I'm glad to hear I've got that bit right.

after login the NAS gets mounted with the permissions set in the DNS-320 admin interface

What permissions do you get? Is the mountpoint drwxrwxrwx? If you create a new directory within it (or copy another one into it), is that also drwxrwxrwx? And do your files needlessly get execute permissions?

I can change the permissions of the NAS folder from the Web File Server - I presume that's what you mean - but at that level the folder's owner is 'nobody' and group is 'allaccount', and so the permissions I see are relative to that; I don't see how to change them in a way that is meaningful to the local user.

[LoonQ]

I might be way off but I set the permissions to the NAS folders in the webadmin gui: Management -> Account management. I do not set folder permissions to the NAS folders in the OS.

Then I simply mount using the desired user. We are 6 persons in my family, each have their own account with specific rights. My 4 kids for example only has read rights to some folders while I have read/write.

This works with our 4 Windows based computers, my Xbox with XBMC and with my 2 Linux Mint computers.

[greasyfingers]

I hope this is just something I'm not understanding - from what I'm doing, I don't really see how each user gets different permissions on the same computer.

I've restarted from scratch - reset the unit back to factory defaults, and reformatted the disks. Here's a list of each step I've taken as I attempt to get a remote share mounted with normal user rights (dwrxr-xr-x and frw-r--r--). If anybody spots any blunders, please say:

1. Open the Web File Server and create a new folder under Volume_1 called nasdir
2. Set up a user account called nasuser
3. Add nasdir to Network Shares, giving nasuser read/write permissions
4. On local computer, create a mountpoint at /home/localuser/mountpoint; it is owned by localuser, and has permissions of rwxr-xr-x
5. Add the following line to /etc/fstab and reboot

Code: [Select]

//192.168.0.30/nasdir /home/localuser/mountpoint cifs username=nasuser,password=password,uid=1000,gid=1000,_netdev 0 0
Results:

The mountpoint is owned by localuser, but all directories under it get assigned rwxrwxrwx permissions, as do files copied into it (anyone logged in to the computer can modify or delete, including other users). Only newly created files (not directories) get the desired rw-r--r-- permissions. Permissions of things below the mountpoint can be modified, but not recursively (permission denied error - even as root), so this would have to be done separately for every single item.

If I don't specify the uid=1000,gid=1000 options (1000 = localuser), then owner and group of the mountpoint becomes 501 and 501, and anything below the mountpoint gets 1011 and 501 respectively - don't know what these IDs are.

Adding the mount options of file_mode=0644 and dir_mode=0775 doesn't seem to make any difference.

Help, please.

[LoonQ]

I just have one user on each computer That might be why this is working for me.

[freddano]

If you are using Linux-clients perhaps you should look into using NFS?

I mount my NAS from Linux and mac os X using NFS and if I sync the UIDs on all machines I can use the mounts as any local file-system, ie the permissions are "inherited" from the client machine. Just specify in the NAS which user that owns the share you're creating.

A typical line in /etc/fstab on the client looks as follows.


192.168.0.32:/mnt/HD/HD_a2/iTunes /media/iTunes nfs async,nolock,user,rw,rsize=32768,wsize=32768,noauto   0   0

It should all be on one line, ofcourse.

For a more in depth guide you could for instance see http://forums.dlink.com/index.php?topic=20999.0

NFS works so well for me that I hardly think of it as a remote file-system any more.